From 9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Mon, 17 Aug 2020 17:08:43 +0200
Subject: add dumpable warnings
---
 src/fseccomp/fseccomp.h | 1 +
 src/fseccomp/main.c | 15 ++++++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)
(limited to 'src/fseccomp')
diff --git a/src/fseccomp/fseccomp.h b/src/fseccomp/fseccomp.h
index e8dd083b6..e40999938 100644
--- a/src/fseccomp/fseccomp.h
+++ b/src/fseccomp/fseccomp.h
@@ -23,6 +23,7 @@
 #include
 #include
 #include
+#include
 #include "../include/common.h"
 #include "../include/syscall.h"
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c
index 892a88e25..6b7800f35 100644
--- a/src/fseccomp/main.c
+++ b/src/fseccomp/main.c
@@ -64,6 +64,15 @@ printf("\n");
 usage();
 return 1;
 }
+ if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") ==0) {
+ usage();
+ return 0;
+ }
+
+#ifdef WARN_DUMPABLE
+ if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+ fprintf(stderr, "Error fseccomp: I am dumpable\n");
+#endif
 char *quiet = getenv("FIREJAIL_QUIET");
 if (quiet && strcmp(quiet, "yes") == 0)
@@ -81,11 +90,7 @@ printf("\n");
 }
 }
- if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") ==0) {
- usage();
- return 0;
- }
- else if (argc == 2 && strcmp(argv[1], "debug-syscalls") == 0)
+ if (argc == 2 && strcmp(argv[1], "debug-syscalls") == 0)
 syscall_print();
 else if (argc == 2 && strcmp(argv[1], "debug-syscalls32") == 0)
 syscall_print_32();
-- cgit v1.2.3-54-g00ecf
From 21918f6d92f9261cc45f208ac407819980d4a59c Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Mon, 17 Aug 2020 22:10:07 +0200
Subject: cleanup
---
 src/fcopy/main.c | 2 +-
 src/fldd/main.c | 2 +-
 src/fnet/main.c | 2 +-
 src/fnetfilter/main.c | 2 +-
 src/fsec-optimize/main.c | 1 +
 src/fsec-print/main.c | 2 +-
 src/fseccomp/main.c | 1 +
 7 files changed, 7 insertions(+), 5 deletions(-)
(limited to 'src/fseccomp')
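Review bot: The new diagnostic in the first src/fseccomp/main.c hunk (`@@ -64,6 +64,15 @@`) is labelled `Error` yet main() continues, so a WARN_DUMPABLE build that finds the helper dumpable still does its work and exits with its normal status. If the condition is only informational, `fprintf(stderr, "Warning fseccomp: I am dumpable\n");` matches the behaviour; if it is meant to stop the run, brace the body and add `return 1;`. The test also lacks a comment saying why it exists, for example `// a dumpable process can be ptrace-attached and core-dumped by its own user; helpers started by firejail are expected not to be`, with the second half confirmed against the project's intent. main() begins and ends outside the hunk.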
diff --git a/src/fcopy/main.c b/src/fcopy/main.c
index bda7e2f1b..67237b4ea 100644
--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -413,7 +413,7 @@ int main(int argc, char **argv) {
 }
 #ifdef WARN_DUMPABLE
- if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+ if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid())
 fprintf(stderr, "Error fcopy: I am dumpable\n");
 #endif
diff --git a/src/fldd/main.c b/src/fldd/main.c
index 567f6c566..d68504f6b 100644
--- a/src/fldd/main.c
+++ b/src/fldd/main.c
@@ -304,7 +304,7 @@ printf("\n");
 }
 #ifdef WARN_DUMPABLE
- if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+ if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid())
 fprintf(stderr, "Error fldd: I am dumpable\n");
 #endif
diff --git a/src/fnet/main.c b/src/fnet/main.c
index 22879b8ce..f6316a7fe 100644
--- a/src/fnet/main.c
+++ b/src/fnet/main.c
@@ -70,7 +70,7 @@ printf("\n");
 return 0;
 }
 #ifdef WARN_DUMPABLE
- if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+ if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid())
 fprintf(stderr, "Error fnet: I am dumpable\n");
 #endif
 char *quiet = getenv("FIREJAIL_QUIET");
diff --git a/src/fnetfilter/main.c b/src/fnetfilter/main.c
index bac60cbec..1ca35ab56 100644
--- a/src/fnetfilter/main.c
+++ b/src/fnetfilter/main.c
@@ -182,7 +182,7 @@ printf("\n");
 return 1;
 }
 #ifdef WARN_DUMPABLE
- if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+ if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid())
 fprintf(stderr, "Error fnetfilter: I am dumpable\n");
 #endif
 char *destfile = (argc == 3)? argv[2]: argv[1];
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c
index 4da110583..fb13eeca8 100644
--- a/src/fsec-optimize/main.c
+++ b/src/fsec-optimize/main.c
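Review bot: In the src/fcopy/main.c hunk (`@@ -413,7 +413,7 @@`), and identically in the src/fldd, src/fnet and src/fnetfilter hunks here and the src/fsec-print hunk further down, dropping `getenv("FIREJAIL_PLUGIN")` leaves these five helpers with a different condition from fsec-optimize and fseccomp, and nothing at the call site says why. Without the gate, a WARN_DUMPABLE build prints the message whenever a non-root user runs the helper directly, since an ordinary process started from a shell is normally dumpable; that looks intended but should be stated. I would add a comment above each test, e.g. `// warn on every non-root invocation; unlike fseccomp/fsec-optimize this helper is presumably not run during make`, and confirm that assumption against the build. The `getuid()` term deserves a word in the same comment: it exempts real uid 0, so a helper launched by root is never reported.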
@@ -45,6 +45,7 @@ printf("\n");
 }
 #ifdef WARN_DUMPABLE
+ // check FIREJAIL_PLUGIN in order to not print a warning during make
 if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
 fprintf(stderr, "Error fsec-optimize: I am dumpable\n");
 #endif
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c
index 858289767..d1f056e47 100644
--- a/src/fsec-print/main.c
+++ b/src/fsec-print/main.c
@@ -62,7 +62,7 @@ printf("\n");
 }
 #ifdef WARN_DUMPABLE
- if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+ if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid())
 fprintf(stderr, "Error fsec-print: I am dumpable\n");
 #endif
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c
index 6b7800f35..13eb3dfe7 100644
--- a/src/fseccomp/main.c
+++ b/src/fseccomp/main.c
@@ -70,6 +70,7 @@ printf("\n");
 }
 #ifdef WARN_DUMPABLE
+ // check FIREJAIL_PLUGIN in order to not print a warning during make
 if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
 fprintf(stderr, "Error fseccomp: I am dumpable\n");
 #endif
-- cgit v1.2.3-54-g00ecf